Authentication and Single Sign-on

Practically every app needs to provide an authenticated user experience, especially when those apps are used in enterprise environments by employees or customers.

Single Sign-on

Enterprise apps generally need to authenticate users against consumer auth providers, in the case of a consumer app, or against an internal Single Sign-on service such as Azure Active Directory, Ping, and more.

There are a few ways to accomplish this. Some providers may have drop-in SDKs and libraries that teams can use. Additionally, there are some auth plugins built and maintained by volunteers in the community.

We recommend taking a look at Auth Connect for teams that want a fully managed, secure solution for consumer and enterprise authentication and Single Sign-on. Additionally, Auth Connect integrates fully with Identity Vault for secure session and token management and support for biometric authentication.

Protecting Auth Tokens (JWTs, etc.)

For enterprise apps where security is a concern, user auth tokens should be stored encrypted at rest using low-level secure hardware, such as the Secure Enclave on iOS.

The easiest way to do this is to use Identity Vault, an official solution from Ionic that provides an easy API on top of complex, low-level security and encryption APIs on iOS and Android.

Enabling Biometric Authentication

When storing user auth tokens on the device to enable re-authentication, biometrics will likely need to be used to maximize security. When enabled, biometrics allow the app to be unlocked only when the actual user who was last using it is present. This protects against lost, stolen, or jailbroken devices being used to steal a user session and compromise user or company data.

To enable biometrics, apps must integrate with low-level security APIs such as Keychain on iOS and KeyStore on Android. These APIs can be very complex, and incorrect usage can lead to a false sense of security.
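To show what direct use of the iOS Keychain involves, here is an added example (not Ionic's or Identity Vault's code) that stores a token under biometric access control, so the system itself refuses to release the token without a biometric match. The service and account strings, the error type, and the function names are assumptions made for this example.

```swift
import Foundation
import LocalAuthentication
import Security

enum TokenStoreError: Error { case accessControl, keychain(OSStatus), decoding }

// Constructed identifiers for this example.
let baseQuery: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "com.example.app.auth",
    kSecAttrAccount as String: "session-token",
]

/// Stores the token so that reading it back requires a biometric match.
func saveToken(_ token: String) throws {
    // The item stays on this device, requires a device passcode to be set,
    // and is invalidated when the enrolled fingerprints or faces change.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet,
        nil
    ) else { throw TokenStoreError.accessControl }

    SecItemDelete(baseQuery as CFDictionary) // replace any earlier copy

    var attributes = baseQuery
    attributes[kSecAttrAccessControl as String] = access
    attributes[kSecValueData as String] = Data(token.utf8)
    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw TokenStoreError.keychain(status) }
}

/// Reads the token; the system shows the biometric prompt during the lookup.
func loadToken(reason: String) throws -> String {
    let context = LAContext()
    context.localizedReason = reason
    var query = baseQuery
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    query[kSecUseAuthenticationContext as String] = context

    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess else { throw TokenStoreError.keychain(status) }
    guard let data = item as? Data,
          let token = String(data: data, encoding: .utf8) else { throw TokenStoreError.decoding }
    return token
}
```

Call `loadToken` off the main thread, because the lookup blocks while the prompt is on screen, and treat any thrown error as a reason to fall back to a full sign-in.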

The easiest way to add biometric authentication to your app and integrate with these low-level security APIs is to use Identity Vault, an official solution from Ionic that provides an easy API on top of complex, low-level security and encryption APIs on iOS and Android.